Add support for more SSL BIO functions #2273
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #2273 +/- ##
==========================================
- Coverage 79.04% 79.03% -0.01%
==========================================
Files 614 614
Lines 107003 107042 +39
Branches 15158 15161 +3
==========================================
+ Hits 84579 84605 +26
- Misses 21770 21784 +14
+ Partials 654 653 -1 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Merged
skmcgrail
reviewed
Mar 19, 2025
smittals2
reviewed
Mar 19, 2025
smittals2
previously approved these changes
Mar 24, 2025
skmcgrail
previously approved these changes
Mar 25, 2025
samuel40791765
dismissed stale reviews from skmcgrail and smittals2
via
ed7279c
skmcgrail
approved these changes
Mar 25, 2025
smittals2
approved these changes
Mar 25, 2025
Co-authored-by: Sean McGrail <[email protected]>
Merged
skmcgrail
added a commit
that referenced
this pull request
Mar 28, 2025
## What's Changed * Revert "Allow constructed strings in BER parsing (#2015)" by @samuel40791765 in #2278 * Add the rehash utility to the openssl CLI tool by @smittals2 in #2258 * Documentation on service indicator by @justsmth in #2281 * Update patches in Ruby CI by @samuel40791765 in #2233 * Reject DSA trailing garbage in EVP layer, add test cases by @skmcgrail in #2289 * Add support for verifying PKCS7 signed attributes by @samuel40791765 in #2264 * Add support for more SSL BIO functions by @samuel40791765 in #2273 * Wire-up rust-openssl into GitHub CI (for the time being) by @skmcgrail in #2291 * Adding detection of out-of-bound pre-bound memory read to AES-XTS tests. by @nebeid in #2286 * AES: Add function pointer trampoline to avoid delocator issue by @hanno-becker in #2294 * Bump mysql CI to 9.2.0 by @samuel40791765 in #2161 * Cherrypick hardening DSA param checks from BoringSSL by @smittals2 in #2293 By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
samuel40791765
added a commit
that referenced
this pull request
Apr 3, 2025
We've added support for Xtrabackup in #2273, this ensures that the build doesn't break. By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issues:
Resolves
CryptoAlg-2926Description of changes:
Xtrabackup happens to take a dependency on some of OpenSSL's BIO_ssl methods. These are essentially helper BIOs that maintain an
SSLwithin them. We have the necessary functionality available, this is just wrapping these BIOs around them.Call-outs:
N/A
Testing:
Ideally we would test against the "connect" BIO created within
BIO_new_ssl_connectwithBIO_do_connect, but this isn't quite easy since we do not have any BIO methods that set up sockets on the server end (BIO_s_accept). We have other mechanisms of doing so in ourbssltool andocsp_integration_tests, but pulling the functionality over just to test theseBIOs seemed a bit overkill for my liking. I've given my reasoning in the test comments, if we ever do supportBIO_s_acceptwe can look to update the test.By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.